Resubmissions

04-03-2022 04:12

220304-esxkrafbcq 10

03-03-2022 16:35

220303-t3xqtsbha7 10

03-03-2022 14:07

220303-rfdnbsbdh2 10

24-02-2022 17:02

220224-vj468sefcp 10

18-02-2022 12:16

220218-pfr5lscec4 10

14-02-2022 06:04

220214-gs4p6sffc3 10

General

  • Target

    dab8893b6a8b67b41ad07bd0d01c6d9ba67bf3f80ff414ef7a85ec2a1f991c75.exe

  • Size

    579KB

  • Sample

    220224-vj468sefcp

  • MD5

    b7b86225defaae424aa2e447fc784088

  • SHA1

    4cb5d0afea368c7668fda827d5c8a0fea122520a

  • SHA256

    dab8893b6a8b67b41ad07bd0d01c6d9ba67bf3f80ff414ef7a85ec2a1f991c75

  • SHA512

    aedb708457385bcb8f6e5aed625d1926f276afb1d0b57c276d56a4c05c8dd3e207d17767d2d8887c795c688d87b773d281c520278a5eeccc2eb83d13f5dbfd5b

Malware Config

Targets

    • Target

      dab8893b6a8b67b41ad07bd0d01c6d9ba67bf3f80ff414ef7a85ec2a1f991c75.exe

    • Size

      579KB

    • MD5

      b7b86225defaae424aa2e447fc784088

    • SHA1

      4cb5d0afea368c7668fda827d5c8a0fea122520a

    • SHA256

      dab8893b6a8b67b41ad07bd0d01c6d9ba67bf3f80ff414ef7a85ec2a1f991c75

    • SHA512

      aedb708457385bcb8f6e5aed625d1926f276afb1d0b57c276d56a4c05c8dd3e207d17767d2d8887c795c688d87b773d281c520278a5eeccc2eb83d13f5dbfd5b

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • suricata: ET MALWARE Fareit/Pony Downloader Checkin 2

      suricata: ET MALWARE Fareit/Pony Downloader Checkin 2

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks